From chris.coulson at canonical.com Tue Feb 1 11:27:52 2011 From: chris.coulson at canonical.com (Chris Coulson) Date: Tue, 01 Feb 2011 11:27:52 -0000 Subject: [ubuntu/karmic-proposed] moon 1.0.1-3ubuntu0.xul191build1.9.10.2 (Accepted) Message-ID: <20110201112752.31813.22664.launchpad@wampee.canonical.com> moon (1.0.1-3ubuntu0.xul191build1.9.10.2) karmic-proposed; urgency=low * Fix LP: #538796 - cannot open Firefox/Chromium/Chrome when moonlight is installed, due to a symbol collision with the icedtea plugin. Thanks to Evan Martin and Chris Toshok for figuring this out - add debian/patches/avoid_icedtea_symbol_collision.dpatch - update debian/patches/00list Date: Mon, 31 Jan 2011 17:19:33 +0000 Changed-By: Chris Coulson Maintainer: Ubuntu MOTU Developers https://launchpad.net/ubuntu/karmic/+source/moon/1.0.1-3ubuntu0.xul191build1.9.10.2 -------------- next part -------------- Format: 1.8 Date: Mon, 31 Jan 2011 17:19:33 +0000 Source: moon Binary: moonlight-plugin-core moonlight-plugin-mozilla libmoon Architecture: source Version: 1.0.1-3ubuntu0.xul191build1.9.10.2 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu MOTU Developers Changed-By: Chris Coulson Description: libmoon - Free Software clone of Silverlight 1.0 - unstable runtime library moonlight-plugin-core - Free Software clone of Silverlight 1.0 - plugin core components moonlight-plugin-mozilla - Free Software clone of Silverlight 1.0 - Xulrunner 1.9 plugin Launchpad-Bugs-Fixed: 538796 Changes: moon (1.0.1-3ubuntu0.xul191build1.9.10.2) karmic-proposed; urgency=low . * Fix LP: #538796 - cannot open Firefox/Chromium/Chrome when moonlight is installed, due to a symbol collision with the icedtea plugin. Thanks to Evan Martin and Chris Toshok for figuring this out - add debian/patches/avoid_icedtea_symbol_collision.dpatch - update debian/patches/00list Checksums-Sha1: d88f0b1c0598319f6ad94859c0201586642b31b6 1872 moon_1.0.1-3ubuntu0.xul191build1.9.10.2.dsc c56f334ccee14dc2e0e6f249d30cfc57482c8570 17864 moon_1.0.1-3ubuntu0.xul191build1.9.10.2.diff.gz Checksums-Sha256: 8b5ec3ffb721cf87df7ba2dcecdcf203f3aeb36cd6223674733fbd2bcf87bdec 1872 moon_1.0.1-3ubuntu0.xul191build1.9.10.2.dsc 83cc70018830196eaaf61eac851fa36fc0202d8d235a2e043f137f733cd6360e 17864 moon_1.0.1-3ubuntu0.xul191build1.9.10.2.diff.gz Files: 5147a926aca154d28e12f92e9549b662 1872 web optional moon_1.0.1-3ubuntu0.xul191build1.9.10.2.dsc 16670c1e73223976fec0f4112b4ca6c7 17864 web optional moon_1.0.1-3ubuntu0.xul191build1.9.10.2.diff.gz Original-Maintainer: Debian Mono Group From sladen at ubuntu.com Tue Feb 1 13:35:41 2011 From: sladen at ubuntu.com (Paul Sladen) Date: Tue, 01 Feb 2011 13:35:41 -0000 Subject: [ubuntu/karmic-proposed] ubuntu-font-family-sources 0.70.1-0ubuntu1~karmic2 (Accepted) Message-ID: <20110201133541.22720.36180.launchpad@cocoplum.canonical.com> ubuntu-font-family-sources (0.70.1-0ubuntu1~karmic2) karmic-proposed; urgency=low * SRU for Ubuntu 9.10 (LP: #709980) Date: Sun, 30 Jan 2011 02:15:00 +0000 Changed-By: Paul Sladen Maintainer: Paul Sladen Signed-By: Paul Sladen https://launchpad.net/ubuntu/karmic/+source/ubuntu-font-family-sources/0.70.1-0ubuntu1~karmic2 -------------- next part -------------- Format: 1.8 Date: Sun, 30 Jan 2011 02:15:00 +0000 Source: ubuntu-font-family-sources Binary: ttf-ubuntu-font-family Architecture: source Version: 0.70.1-0ubuntu1~karmic2 Distribution: karmic-proposed Urgency: low Maintainer: Paul Sladen Changed-By: Paul Sladen Description: ttf-ubuntu-font-family - Ubuntu Font Family, sans-serif typeface hinted for clarity Launchpad-Bugs-Fixed: 709980 Changes: ubuntu-font-family-sources (0.70.1-0ubuntu1~karmic2) karmic-proposed; urgency=low . * SRU for Ubuntu 9.10 (LP: #709980) Checksums-Sha1: 04ecfb3f7c50bb7c5fe86fd616b571c470d13b1d 1203 ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.dsc 1d678d366a6b41956e55b6e4e64fafd9803494b7 5214 ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.diff.gz Checksums-Sha256: 5bc960e2b0af5e19ae3907bfeac97898a9e59b03d8ee1ca6d137fc1d2b174ab7 1203 ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.dsc 66eb4ceca4a666200d2f59aa03fd31cfd0e862d5f44a98d7463c65eaa92c94ed 5214 ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.diff.gz Files: 044f68ebc37659c66c9a95478d266173 1203 fonts optional ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.dsc a028375baf31ea014f0eced299a2ad1c 5214 fonts optional ubuntu-font-family-sources_0.70.1-0ubuntu1~karmic2.diff.gz From archive at ubuntu.com Tue Feb 1 14:05:50 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 01 Feb 2011 14:05:50 -0000 Subject: [ubuntu/karmic-security] subversion_1.6.5dfsg-1ubuntu1.1_i386_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_powerpc_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_armel_translations.tar.gz, subversion, subversion_1.6.5dfsg-1ubuntu1.1_amd64_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_ia64_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_lpia_translations.tar.gz, subversion_1.6.5dfsg-1ubuntu1.1_sparc_translations.tar.gz (delayed) 1.6.5dfsg-1ubuntu1.1 (Accepted) Message-ID: <20110201140550.28811.80653.launchpad@cocoplum.canonical.com> subversion (1.6.5dfsg-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: restriction bypass via named repo as a rule scope - debian/patches/CVE-2010-3315.patch: use repo_basename in subversion/mod_dav_svn/authz.c. - CVE-2010-3315 * SECURITY UPDATE: denial of service via SVNParentPath walking - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath collection in subversion/mod_dav_svn/repos.c. - CVE-2010-4539 * SECURITY UPDATE: denial of service via -g memory leaks - debian/patches/CVE-2010-4644.patch: improve logic in subversion/libsvn_repos/rev_hunt.c. - CVE-2010-4644 Date: Fri, 14 Jan 2011 12:39:35 -0600 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/subversion/1.6.5dfsg-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Fri, 14 Jan 2011 12:39:35 -0600 Source: subversion Binary: subversion libsvn1 libsvn-dev libsvn-doc libapache2-svn python-subversion python-subversion-dbg subversion-tools libsvn-java libsvn-perl libsvn-ruby1.8 libsvn-ruby Architecture: source Version: 1.6.5dfsg-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1 - Shared libraries used by Subversion python-subversion - Python bindings for Subversion python-subversion-dbg - Python bindings for Subversion (debug extension) subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion Changes: subversion (1.6.5dfsg-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: restriction bypass via named repo as a rule scope - debian/patches/CVE-2010-3315.patch: use repo_basename in subversion/mod_dav_svn/authz.c. - CVE-2010-3315 * SECURITY UPDATE: denial of service via SVNParentPath walking - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath collection in subversion/mod_dav_svn/repos.c. - CVE-2010-4539 * SECURITY UPDATE: denial of service via -g memory leaks - debian/patches/CVE-2010-4644.patch: improve logic in subversion/libsvn_repos/rev_hunt.c. - CVE-2010-4644 Checksums-Sha1: f7f33c9ec72584c5fd72654ddeaa4a514e1de76a 2667 subversion_1.6.5dfsg-1ubuntu1.1.dsc d1988e1742d5be64e14380f8f3ec82d18ad82fd8 96345 subversion_1.6.5dfsg-1ubuntu1.1.diff.gz Checksums-Sha256: 55e460b61ae88481efd5bf1f912b907b0d84e51a528a1bf0552cb536e351e402 2667 subversion_1.6.5dfsg-1ubuntu1.1.dsc cce7d298685262c6ca588aa5f68e7d1f45d0226eab413707fbcb132675f5a0f6 96345 subversion_1.6.5dfsg-1ubuntu1.1.diff.gz Files: daa5708ecf2b7e4138198251002be635 2667 vcs optional subversion_1.6.5dfsg-1ubuntu1.1.dsc 5817c173a3832f3dc38e0356c291c3d4 96345 vcs optional subversion_1.6.5dfsg-1ubuntu1.1.diff.gz Original-Maintainer: Peter Samuelson From archive at ubuntu.com Tue Feb 1 21:06:17 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 01 Feb 2011 21:06:17 -0000 Subject: [ubuntu/karmic-security] openjdk-6b18 (delayed), openjdk-6b18 6b18-1.8.5-0ubuntu1~9.10.1 (Accepted) Message-ID: <20110201210617.12718.17738.launchpad@cocoplum.canonical.com> openjdk-6b18 (6b18-1.8.5-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Date: Thu, 27 Jan 2011 11:00:24 -0800 Changed-By: Steve Beattie Maintainer: OpenJDK Team https://launchpad.net/ubuntu/karmic/+source/openjdk-6b18/6b18-1.8.5-0ubuntu1~9.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 27 Jan 2011 11:00:24 -0800 Source: openjdk-6b18 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b18-1.8.5-0ubuntu1~9.10.1 Distribution: karmic-security Urgency: low Maintainer: OpenJDK Team Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark Changes: openjdk-6b18 (6b18-1.8.5-0ubuntu1~9.10.1) karmic-security; urgency=low . * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Checksums-Sha1: 72b78a6e4ca1911590b2f9a0fd559d124058ec05 2997 openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.dsc 80ba4e92b7fb607bf027a16f1f2fc6273b5b46ba 71411043 openjdk-6b18_6b18-1.8.5.orig.tar.gz f41c01f4bfa7e64f2e31063a39c7f9224ed63876 131802 openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.diff.gz Checksums-Sha256: acc698540b815d6b4ba64ce0d205386f242146b6c7138fc56d0f339611ac4312 2997 openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.dsc 1a7c1c81bcd638e5a621f03943e10c616610eeb3d10726d13503ef3d0157deb8 71411043 openjdk-6b18_6b18-1.8.5.orig.tar.gz 3b8e71f14d4c7804382b9852df0d57ccfca61ed2bcd207f179c0a500091d48cc 131802 openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.diff.gz Files: 595fc33270e578ea4b81d23e557c53ec 2997 java optional openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.dsc bd54d036357114075c6d4cfb162cb3ad 71411043 java optional openjdk-6b18_6b18-1.8.5.orig.tar.gz 6e88eb789ee0d06c18b07194af10bb93 131802 java optional openjdk-6b18_6b18-1.8.5-0ubuntu1~9.10.1.diff.gz From archive at ubuntu.com Tue Feb 1 21:06:33 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 01 Feb 2011 21:06:33 -0000 Subject: [ubuntu/karmic-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.5-0ubuntu1~9.10.1 (Accepted) Message-ID: <20110201210633.12718.93891.launchpad@cocoplum.canonical.com> openjdk-6 (6b20-1.9.5-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.9.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Date: Thu, 27 Jan 2011 11:56:02 -0800 Changed-By: Steve Beattie Maintainer: OpenJDK Team https://launchpad.net/ubuntu/karmic/+source/openjdk-6/6b20-1.9.5-0ubuntu1~9.10.1 -------------- next part -------------- Format: 1.8 Date: Thu, 27 Jan 2011 11:56:02 -0800 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: source Version: 6b20-1.9.5-0ubuntu1~9.10.1 Distribution: karmic-security Urgency: low Maintainer: OpenJDK Team Changed-By: Steve Beattie Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b20-1.9.5-0ubuntu1~9.10.1) karmic-security; urgency=low . * IcedTea6 1.9.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. Checksums-Sha1: 19a8f29e20799701fead3608e60d297dd89c42cb 3018 openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.dsc af31b860879bddaa6c3754450198072829f0db3e 73242981 openjdk-6_6b20-1.9.5.orig.tar.gz 39745b25c30e6a450b0205df4c74c4b9c1ce3220 130663 openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.diff.gz Checksums-Sha256: da2049d9f4a138d89acb047139b0d901170c247bae8b4bdf39d7ca6800d8bdc1 3018 openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.dsc 083ba959b06c8ba0c8ee50fa971cc640fd7c8c585c5f7bdc808b3a717a539f95 73242981 openjdk-6_6b20-1.9.5.orig.tar.gz f11ab7a2647efe1ba202214109c2740a4d4c2eb56f2954b543729616b380d107 130663 openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.diff.gz Files: d3cc6e1842be3094f39ef33e7de3f353 3018 java optional openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.dsc a46692c197b9d63625a0593f0f5261a1 73242981 java optional openjdk-6_6b20-1.9.5.orig.tar.gz 07167b8caf223fe920ac0c361e42344c 130663 java optional openjdk-6_6b20-1.9.5-0ubuntu1~9.10.1.diff.gz From archive at ubuntu.com Wed Feb 2 21:47:17 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 02 Feb 2011 21:47:17 -0000 Subject: [ubuntu/karmic-security] openoffice.org_3.1.1-5ubuntu1.3_powerpc_translations.tar.gz, openoffice.org_3.1.1-5ubuntu1.3_sparc_translations.tar.gz (delayed), openoffice.org, openoffice.org_3.1.1-5ubuntu1.3_ia64_translations.tar.gz, openoffice.org_3.1.1-5ubuntu1.3_lpia_translations.tar.gz, openoffice.org_3.1.1-5ubuntu1.3_i386_translations.tar.gz, openoffice.org_3.1.1-5ubuntu1.3_amd64_translations.tar.gz, openoffice.org_3.1.1-5ubuntu1.3_armel_translations.tar.gz 1:3.1.1-5ubuntu1.3 (Accepted) Message-ID: <20110202214717.12548.10006.launchpad@cocoplum.canonical.com> openoffice.org (1:3.1.1-5ubuntu1.3) karmic-security; urgency=low * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities. - ooo-build/patches/dev300/SA40775.diff: buffer overflow fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-2935, CVE-2010-2936). - ooo-build/patches/dev300/tread-invalid-path-segments-correctly.diff: directory traversal fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-3450). - ooo-build/patches/dev300/cws-hb22.diff: multiple fixes from upstream, patch thanks to Rene Engelhard. - corrupt table model in RTF parser (CVE-2010-3451) - SwRTFParser::ReadNumSecLevel (CVE-2010-3452) - WW8ListManager::WW8ListManager (CVE-2010-3453) - WW8DopTypography::ReadFromMem (CVE-2010-3454) - LD_LIBRARY_PATH current directory injection (CVE-2010-3689) - ooo-build/patches/dev300/security-fixes-drom-cws-os145.diff: heap overflow in PPT fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4253). - ooo-build/patches/dev300/security-fixes-from-cws-impress208.diff: heap overflow in TGA fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4643). Date: Tue, 25 Jan 2011 13:48:32 -0800 Changed-By: Kees Cook Maintainer: Ubuntu Core Developers https://launchpad.net/ubuntu/karmic/+source/openoffice.org/1:3.1.1-5ubuntu1.3 -------------- next part -------------- Format: 1.8 Date: Tue, 25 Jan 2011 13:48:32 -0800 Source: openoffice.org Binary: openoffice.org broffice.org openoffice.org-l10n-za openoffice.org-l10n-in openoffice.org-core openoffice.org-common openoffice.org-java-common openoffice.org-writer openoffice.org-calc openoffice.org-impress openoffice.org-draw openoffice.org-math openoffice.org-base-core openoffice.org-base openoffice.org-style-crystal openoffice.org-style-oxygen openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-style-human openoffice.org-style-hicontrast openoffice.org-style-galaxy openoffice.org-style-andromeda openoffice.org-gtk openoffice.org-gnome openoffice.org-evolution openoffice.org-emailmerge python-uno openoffice.org-officebean openoffice.org-filter-binfilter openoffice.org-filter-mobiledev libmythes-dev openoffice.org-dtd-officedocument1.0 uno-libs3 uno-libs3-dbg ure ure-dbg openoffice.org-gcj cli-uno-bridge libuno-cli-basetypes1.0-cil libuno-cli-uretypes1.0-cil libuno-cli-oootypes1.0-cil libuno-cli-cppuhelper1.0-cil libuno-cli-ure1.0-cil mozilla-openoffice.org openoffice.org-ogltrans openoffice.org-wiki-publisher openoffice.org-report-builder openoffice.org-report-builder-bin openoffice.org-presentation-minimizer openoffice.org-presenter-console openoffice.org-pdfimport ttf-opensymbol openoffice.org-dev openoffice.org-dev-doc openoffice.org-kde openoffice.org-kab openoffice.org-sdbc-postgresql Architecture: source Version: 1:3.1.1-5ubuntu1.3 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Core Developers Changed-By: Kees Cook Description: broffice.org - full-featured office productivity suite -- BrOffice.org branding cli-uno-bridge - OpenOffice.org bindings for Mono CLI libmythes-dev - simple thesaurus library -- development files libuno-cli-basetypes1.0-cil - OpenOffice.org bindings for Mono CLI -- base types libuno-cli-cppuhelper1.0-cil - OpenOffice.org bindings for Mono CLI -- bootstrapping library libuno-cli-oootypes1.0-cil - OpenOffice.org bindings for Mono CLI -- OpenOffice.org type libra libuno-cli-ure1.0-cil - OpenOffice.org bindings for Mono CLI -- helper classes libuno-cli-uretypes1.0-cil - OpenOffice.org bindings for Mono CLI -- URE type library mozilla-openoffice.org - full-featured office productivity suite -- Mozilla plugin openoffice.org - full-featured office productivity suite openoffice.org-base - full-featured office productivity suite -- database openoffice.org-base-core - full-featured office productivity suite -- shared library openoffice.org-calc - full-featured office productivity suite -- spreadsheet openoffice.org-common - full-featured office productivity suite -- arch-independent files openoffice.org-core - full-featured office productivity suite -- arch-dependent files openoffice.org-dev - full-featured office productivity suite -- SDK openoffice.org-dev-doc - full-featured office productivity suite -- SDK documentation openoffice.org-draw - full-featured office productivity suite -- drawing openoffice.org-dtd-officedocument1.0 - full-featured office productivity suite -- legacy 1.0 XML DTD openoffice.org-emailmerge - full-featured office productivity suite -- email mail merge openoffice.org-evolution - full-featured office productivity suite -- Evolution addressbook openoffice.org-filter-binfilter - full-featured office productivity suite -- legacy filters (e.g. S openoffice.org-filter-mobiledev - full-featured office productivity suite -- mobile devices filters openoffice.org-gcj - full-featured office productivity suite -- Java libraries for GIJ openoffice.org-gnome - full-featured office productivity suite -- GNOME integration openoffice.org-gtk - full-featured office productivity suite -- GTK+ integration openoffice.org-impress - full-featured office productivity suite -- presentation openoffice.org-java-common - full-featured office productivity suite -- arch-independent Java openoffice.org-kab - full-featured office productivity suite -- KDE adressbook support openoffice.org-kde - full-featured office productivity suite -- KDE integration openoffice.org-l10n-in - full-featured office productivity suite -- Indic language package openoffice.org-l10n-za - full-featured office productivity suite -- South African language openoffice.org-math - full-featured office productivity suite -- equation editor openoffice.org-officebean - full-featured office productivity suite -- Java bean openoffice.org-ogltrans - OpenOffice.org Impress extension for transitions using OpenGL openoffice.org-pdfimport - OpenOffice.org extension for importing PDF documents openoffice.org-presentation-minimizer - OpenOffice.org extension for size-efficient presentations openoffice.org-presenter-console - OpenOffice.org Impress extension for a separate presenter's conso openoffice.org-report-builder - OpenOffice.org extension for building database reports openoffice.org-report-builder-bin - OpenOffice.org extension for building database reports -- librari openoffice.org-sdbc-postgresql - OpenOffice.org extension for PostgreSQL SDBC driver openoffice.org-style-andromeda - full-featured office productivity suite -- Andromeda (Classic) sy openoffice.org-style-crystal - full-featured office productivity suite -- Crystal symbol style openoffice.org-style-galaxy - full-featured office productivity suite -- Galaxy (Default) symbo openoffice.org-style-hicontrast - full-featured office productivity suite -- Hicontrast symbol styl openoffice.org-style-human - Human symbol style for OpenOffice.org openoffice.org-style-industrial - full-featured office productivity suite -- Industrial symbol styl openoffice.org-style-oxygen - full-featured office productivity suite -- Oxygen symbol style openoffice.org-style-tango - full-featured office productivity suite -- Tango symbol style openoffice.org-wiki-publisher - OpenOffice.org extension for working with MediaWiki articles openoffice.org-writer - full-featured office productivity suite -- word processor python-uno - full-featured office productivity suite -- Python interface ttf-opensymbol - OpenSymbol TrueType font uno-libs3 - OpenOffice.org UNO runtime environment -- public shared libraries uno-libs3-dbg - OpenOffice.org UNO runtime environment -- public shared library d ure - OpenOffice.org UNO runtime environment ure-dbg - OpenOffice.org UNO runtime environment -- debug symbols Changes: openoffice.org (1:3.1.1-5ubuntu1.3) karmic-security; urgency=low . * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities. - ooo-build/patches/dev300/SA40775.diff: buffer overflow fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-2935, CVE-2010-2936). - ooo-build/patches/dev300/tread-invalid-path-segments-correctly.diff: directory traversal fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-3450). - ooo-build/patches/dev300/cws-hb22.diff: multiple fixes from upstream, patch thanks to Rene Engelhard. - corrupt table model in RTF parser (CVE-2010-3451) - SwRTFParser::ReadNumSecLevel (CVE-2010-3452) - WW8ListManager::WW8ListManager (CVE-2010-3453) - WW8DopTypography::ReadFromMem (CVE-2010-3454) - LD_LIBRARY_PATH current directory injection (CVE-2010-3689) - ooo-build/patches/dev300/security-fixes-drom-cws-os145.diff: heap overflow in PPT fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4253). - ooo-build/patches/dev300/security-fixes-from-cws-impress208.diff: heap overflow in TGA fix from upstream, patch thanks to Rene Engelhard (CVE-2010-4643). Checksums-Sha1: 0ab701db8168b8b1df1e133528ad68ba05612b96 8315 openoffice.org_3.1.1-5ubuntu1.3.dsc 778d15a53334a3d0edfe816f39f04831abccc7ae 98394550 openoffice.org_3.1.1-5ubuntu1.3.diff.gz Checksums-Sha256: d509f496bf961f719da373cf5fac1b7fbe7d1651a43916ef1bb28e9c691b6045 8315 openoffice.org_3.1.1-5ubuntu1.3.dsc 4b975045654849dd15af4cecbc9b584c75876561d94facd59372683ceffbd9e7 98394550 openoffice.org_3.1.1-5ubuntu1.3.diff.gz Files: 67086789cfeefd26dc5c55a977aaeda2 8315 editors optional openoffice.org_3.1.1-5ubuntu1.3.dsc 37e6237b2bbb0f77ba6f8a1dcadbc2ef 98394550 editors optional openoffice.org_3.1.1-5ubuntu1.3.diff.gz Original-Maintainer: Debian OpenOffice Team From brian.thomason at canonical.com Wed Feb 9 02:00:29 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Wed, 09 Feb 2011 02:00:29 -0000 Subject: [ubuntu/karmic] adobe-flashplugin 10.2.152.27-0karmic1 (Accepted) Message-ID: <20110209020029.28018.67695.launchpad@cocoplum.canonical.com> adobe-flashplugin (10.2.152.27-0karmic1) karmic; urgency=low * Initial release of 10.2.152.27 for Karmic Date: Tue, 08 Feb 2011 20:50:11 -0500 Changed-By: Brian Thomason Maintainer: DL-Flash Player Ubuntu https://launchpad.net/ubuntu/karmic/+source/adobe-flashplugin/10.2.152.27-0karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 08 Feb 2011 20:50:11 -0500 Source: adobe-flashplugin Binary: adobe-flashplugin Architecture: source Version: 10.2.152.27-0karmic1 Distribution: karmic Urgency: low Maintainer: DL-Flash Player Ubuntu Changed-By: Brian Thomason Description: adobe-flashplugin - Adobe Flash Player plugin version 10 Changes: adobe-flashplugin (10.2.152.27-0karmic1) karmic; urgency=low . * Initial release of 10.2.152.27 for Karmic Checksums-Sha1: b093562bc19aade14820acbddcb7baa3fb7481c6 1164 adobe-flashplugin_10.2.152.27-0karmic1.dsc abad97dd127f5f8017d845ddcb895003efda91fa 3540 adobe-flashplugin_10.2.152.27-0karmic1.diff.gz Checksums-Sha256: ddec45ed78647b845965ef0404bda042943b8a30784267f491a241d9def5a867 1164 adobe-flashplugin_10.2.152.27-0karmic1.dsc f3a3d482b1a744ff2eb0e1d458661fac687c09052c3af47a5f15053c910fb7b5 3540 adobe-flashplugin_10.2.152.27-0karmic1.diff.gz Files: 10ea95ab705716d8d4e4914069bd6628 1164 partner/web optional adobe-flashplugin_10.2.152.27-0karmic1.dsc 1244a858efd6693d8253276177bf948e 3540 partner/web optional adobe-flashplugin_10.2.152.27-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1R8u4ACgkQOb4zNfJqN5f6lwCghKyTbDffVAMr3X9e0ohjzgqp ODUAn0yW/uChX8BOYL2+MuTlwiYTmc33 =ueKM -----END PGP SIGNATURE----- From archive at ubuntu.com Wed Feb 9 17:03:36 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Wed, 09 Feb 2011 17:03:36 -0000 Subject: [ubuntu/karmic-security] flashplugin-nonfree, flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1_amd64_translations.tar.gz, flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1_i386_translations.tar.gz, flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1_lpia_translations.tar.gz (delayed) 10.2.152.27ubuntu0.9.10.1 (Accepted) Message-ID: <20110209170336.32168.28597.launchpad@cocoplum.canonical.com> flashplugin-nonfree (10.2.152.27ubuntu0.9.10.1) karmic-security; urgency=low * SECURITY UPDATE: New upstream release 10.2.152.27 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0558 - CVE-2011-0559 - CVE-2011-0560 - CVE-2011-0561 - CVE-2011-0571 - CVE-2011-0572 - CVE-2011-0573 - CVE-2011-0574 - CVE-2011-0575 - CVE-2011-0577 - CVE-2011-0578 - CVE-2011-0607 - CVE-2011-0608 Date: Wed, 09 Feb 2011 09:08:44 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/flashplugin-nonfree/10.2.152.27ubuntu0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Wed, 09 Feb 2011 09:08:44 -0500 Source: flashplugin-nonfree Binary: flashplugin-installer flashplugin-nonfree Architecture: source Version: 10.2.152.27ubuntu0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: flashplugin-installer - Adobe Flash Player plugin installer flashplugin-nonfree - Adobe Flash Player plugin installer (transitional package) Changes: flashplugin-nonfree (10.2.152.27ubuntu0.9.10.1) karmic-security; urgency=low . * SECURITY UPDATE: New upstream release 10.2.152.27 - debian/config, debian/postinst: Updated sha256sums and path. - CVE-2011-0558 - CVE-2011-0559 - CVE-2011-0560 - CVE-2011-0561 - CVE-2011-0571 - CVE-2011-0572 - CVE-2011-0573 - CVE-2011-0574 - CVE-2011-0575 - CVE-2011-0577 - CVE-2011-0578 - CVE-2011-0607 - CVE-2011-0608 Checksums-Sha1: a421fdc71f1aa717fd6f59f1a85fa630abbd28e3 1635 flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.dsc 78e81af92ebd00a38f341d7fe2d8c284a0f33a8c 25612 flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.tar.gz Checksums-Sha256: b5efd06a91c35361e364bbd6df8abd4845dcdba4fa73cd8143d41d7b388119eb 1635 flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.dsc 657b4f763eacd3c12e11c9dbd27a284b200fa622a11ff44ea0c08614d09390e4 25612 flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.tar.gz Files: 0d41837fdafb5dc2d1effbcbd59989e2 1635 contrib/web optional flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.dsc 99c3e17d6559ef7363ebf576403fe635 25612 contrib/web optional flashplugin-nonfree_10.2.152.27ubuntu0.9.10.1.tar.gz Original-Maintainer: Bart Martens From archive at ubuntu.com Fri Feb 11 01:04:37 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 11 Feb 2011 01:04:37 -0000 Subject: [ubuntu/karmic-security] italc_1.0.9.1-0ubuntu16.1_powerpc_translations.tar.gz, italc_1.0.9.1-0ubuntu16.1_sparc_translations.tar.gz (delayed), italc_1.0.9.1-0ubuntu16.1_ia64_translations.tar.gz, italc_1.0.9.1-0ubuntu16.1_amd64_translations.tar.gz, italc_1.0.9.1-0ubuntu16.1_lpia_translations.tar.gz, italc_1.0.9.1-0ubuntu16.1_i386_translations.tar.gz, italc_1.0.9.1-0ubuntu16.1_armel_translations.tar.gz, italc 1:1.0.9.1-0ubuntu16.1 (Accepted) Message-ID: <20110211010437.27184.5583.launchpad@cocoplum.canonical.com> italc (1:1.0.9.1-0ubuntu16.1) karmic-security; urgency=low * SECURITY UPDATE: private keys potentially reused from liveCD. - debian/italc-client.postinst: re-generate the private and public keys when they match one of the Edubuntu Live DVD ones (LP: #714864) - CVE-2011-0724 Date: Mon, 07 Feb 2011 22:21:23 -0500 Changed-By: Stéphane Graber Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/italc/1:1.0.9.1-0ubuntu16.1 -------------- next part -------------- Format: 1.8 Date: Mon, 07 Feb 2011 22:21:23 -0500 Source: italc Binary: italc-master italc-client libitalc Architecture: source Version: 1:1.0.9.1-0ubuntu16.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Stéphane Graber Description: italc-client - Intelligent Teaching and Learning with Computers (client part) italc-master - Intelligent Teaching and Learning with Computers (master part) libitalc - Intelligent Teaching and Learning with Computers (library) Changes: italc (1:1.0.9.1-0ubuntu16.1) karmic-security; urgency=low . * SECURITY UPDATE: private keys potentially reused from liveCD. - debian/italc-client.postinst: re-generate the private and public keys when they match one of the Edubuntu Live DVD ones (LP: #714864) - CVE-2011-0724 Checksums-Sha1: 64164dea5ce2ae73866e3e9d8aaa1284a2d96706 1920 italc_1.0.9.1-0ubuntu16.1.dsc 7448eaa13848826d2e102ad93e7d24107fe73d50 16671 italc_1.0.9.1-0ubuntu16.1.diff.gz Checksums-Sha256: c8fc2716cd6d414ea01ad7a0e4822c2d284d5ccba1fd2679d471e20f7d45ef1e 1920 italc_1.0.9.1-0ubuntu16.1.dsc 3cd7a6c207144f93859d19f61c48b3a6f174853f72a46418493be73e43c3f01c 16671 italc_1.0.9.1-0ubuntu16.1.diff.gz Files: 08011f20c0f1ef67bc9585cb1e7b1afd 1920 x11 optional italc_1.0.9.1-0ubuntu16.1.dsc 1463aaba5c51b8cec0d60b95f748604e 16671 x11 optional italc_1.0.9.1-0ubuntu16.1.diff.gz Launchpad-Bugs-Fixed: 714864 Original-Maintainer: Patrick Winnertz From gary.lasker at canonical.com Mon Feb 14 07:39:10 2011 From: gary.lasker at canonical.com (Gary Lasker) Date: Mon, 14 Feb 2011 07:39:10 -0000 Subject: [ubuntu/karmic-proposed] tzdata 2011b-0ubuntu0.9.10 (Accepted) Message-ID: <20110214073910.2816.54049.launchpad@wampee.canonical.com> tzdata (2011b-0ubuntu0.9.10) karmic-proposed; urgency=low * New upstream release 2011b: (LP: #716831) - South Australia: Update historic DST rules - Hawaii: Update historic DST rules - zone.tab: America/North_Dakota/Beulah - add new time zone, Asia/Makassar, Asia/Jayapura - update terms for Indonesian islands Date: Sun, 13 Feb 2011 17:05:49 -0500 Changed-By: Gary Lasker Maintainer: Ubuntu Developers Signed-By: Martin Pitt https://launchpad.net/ubuntu/karmic/+source/tzdata/2011b-0ubuntu0.9.10 -------------- next part -------------- Format: 1.8 Date: Sun, 13 Feb 2011 17:05:49 -0500 Source: tzdata Binary: tzdata tzdata-java Architecture: source Version: 2011b-0ubuntu0.9.10 Distribution: karmic-proposed Urgency: low Maintainer: Ubuntu Developers Changed-By: Gary Lasker Description: tzdata - time zone and daylight-saving time data tzdata-java - time zone and daylight-saving time data for use by java runtimes Launchpad-Bugs-Fixed: 716831 Changes: tzdata (2011b-0ubuntu0.9.10) karmic-proposed; urgency=low . * New upstream release 2011b: (LP: #716831) - South Australia: Update historic DST rules - Hawaii: Update historic DST rules - zone.tab: America/North_Dakota/Beulah - add new time zone, Asia/Makassar, Asia/Jayapura - update terms for Indonesian islands Checksums-Sha1: c7a404e8568752e22dced2d9f03ad846d47253a5 1886 tzdata_2011b-0ubuntu0.9.10.dsc 0222d6cb2057239b96f7d16fd2a5434091d5a8c4 193030 tzdata_2011b.orig.tar.gz c23d70cda0eae320d504d24930bf6efa68d7f070 245933 tzdata_2011b-0ubuntu0.9.10.diff.gz Checksums-Sha256: a16945019174262fce98a013e0ac9029e11f6dd553edf495516cb322bd5e15e9 1886 tzdata_2011b-0ubuntu0.9.10.dsc ff45f5ddc2ec925249626d00d7bc2ffff587e0956a1d8245517a023bf27e4cc9 193030 tzdata_2011b.orig.tar.gz 701bef81a9ddd27192f6ab32a62adeb45999213b1e77d8269988a973562dd293 245933 tzdata_2011b-0ubuntu0.9.10.diff.gz Files: dc71e01c25383cd8148b3b98dcf870dd 1886 libs required tzdata_2011b-0ubuntu0.9.10.dsc 9eaf3ca354c42a32bd28e623539bf0e0 193030 libs required tzdata_2011b.orig.tar.gz 9d15346e623e1ec5ef8bd961147f440e 245933 libs required tzdata_2011b-0ubuntu0.9.10.diff.gz Original-Maintainer: GNU Libc Maintainers From archive at ubuntu.com Mon Feb 14 19:04:02 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 14 Feb 2011 19:04:02 -0000 Subject: [ubuntu/karmic-security] qemu-kvm, qemu-kvm (delayed) 0.11.0-0ubuntu6.4 (Accepted) Message-ID: <20110214190402.3291.47140.launchpad@cocoplum.canonical.com> qemu-kvm (0.11.0-0ubuntu6.4) karmic-security; urgency=low * SECURITY UPDATE: Setting VNC password to empty string silently disables all authentication (LP: #697197) - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson. - CVE-2011-0011 Date: Fri, 11 Feb 2011 17:46:26 -0600 Changed-By: Dustin Kirkland Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/qemu-kvm/0.11.0-0ubuntu6.4 -------------- next part -------------- Format: 1.8 Date: Fri, 11 Feb 2011 17:46:26 -0600 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-extras qemu-arm-static kvm qemu Architecture: source Version: 0.11.0-0ubuntu6.4 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Dustin Kirkland Description: kvm - dummy transitional pacakge for qemu-kvm qemu - dummy transitional pacakge for qemu-kvm qemu-arm-static - static qemu-arm binary that enables to use arm chroots qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures Changes: qemu-kvm (0.11.0-0ubuntu6.4) karmic-security; urgency=low . * SECURITY UPDATE: Setting VNC password to empty string silently disables all authentication (LP: #697197) - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson. - CVE-2011-0011 Checksums-Sha1: 46fb18016b334c7147910cc95579d96cee95552a 2056 qemu-kvm_0.11.0-0ubuntu6.4.dsc dd78315154a2c104f72e5a1812b7f7de9a3d3dee 49951 qemu-kvm_0.11.0-0ubuntu6.4.diff.gz Checksums-Sha256: a49b5422a218d0e231ed4ef6161b0d5c4d534447b1916cde6ace8ff799a7b461 2056 qemu-kvm_0.11.0-0ubuntu6.4.dsc 1449205b35cd9e70264d4a17a4839df0c8b27b3ec947e4c97e97e16a1bb4c842 49951 qemu-kvm_0.11.0-0ubuntu6.4.diff.gz Files: ce3fa0319c9d0c0f07c5264d1c89f4aa 2056 misc optional qemu-kvm_0.11.0-0ubuntu6.4.dsc b1eb8586a033e224d929ffee2f372e7b 49951 misc optional qemu-kvm_0.11.0-0ubuntu6.4.diff.gz Launchpad-Bugs-Fixed: 697197 From archive at ubuntu.com Tue Feb 15 00:04:19 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 15 Feb 2011 00:04:19 -0000 Subject: [ubuntu/karmic-security] krb5, krb5_1.7dfsg~beta3-1ubuntu0.9_lpia_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.9_sparc_translations.tar.gz (delayed), krb5_1.7dfsg~beta3-1ubuntu0.9_armel_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.9_powerpc_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.9_amd64_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.9_ia64_translations.tar.gz, krb5_1.7dfsg~beta3-1ubuntu0.9_i386_translations.tar.gz 1.7dfsg~beta3-1ubuntu0.9 (Accepted) Message-ID: <20110215000419.19771.61827.launchpad@cocoplum.canonical.com> krb5 (1.7dfsg~beta3-1ubuntu0.9) karmic-security; urgency=low * SECURITY UPDATE: kpropd denial of service via invalid network input - src/slave/kpropd.c: don't return on kpropd child exit; applied inline. - CVE-2010-4022 - MITKRB5-SA-2011-001 * SECURITY UPDATE: kdc denial of service from unauthenticated remote attackers - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h, src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: applied inline - CVE-2011-0281 - CVE-2011-0282 - MITKRB5-SA-2011-002 Date: Wed, 09 Feb 2011 14:46:49 -0800 Changed-By: Steve Beattie Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/krb5/1.7dfsg~beta3-1ubuntu0.9 -------------- next part -------------- Format: 1.8 Date: Wed, 09 Feb 2011 14:46:49 -0800 Source: krb5 Binary: krb5-user krb5-clients krb5-rsh-server krb5-ftpd krb5-telnetd krb5-kdc krb5-kdc-ldap krb5-admin-server libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv6 libkadm5clnt6 libk5crypto3 libkdb5-4 libkrb5support0 Architecture: source Version: 1.7dfsg~beta3-1ubuntu0.9 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Steve Beattie Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos krb5-doc - Documentation for MIT Kerberos krb5-ftpd - Secure FTP server supporting MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-rsh-server - Secure replacements for rshd and rlogind using MIT Kerberos krb5-telnetd - Secure telnet server supporting MIT Kerberos krb5-user - Basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt6 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv6 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - Debugging files for MIT Kerberos libkrb5-dev - Headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Changes: krb5 (1.7dfsg~beta3-1ubuntu0.9) karmic-security; urgency=low . * SECURITY UPDATE: kpropd denial of service via invalid network input - src/slave/kpropd.c: don't return on kpropd child exit; applied inline. - CVE-2010-4022 - MITKRB5-SA-2011-001 * SECURITY UPDATE: kdc denial of service from unauthenticated remote attackers - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h, src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c, src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: applied inline - CVE-2011-0281 - CVE-2011-0282 - MITKRB5-SA-2011-002 Checksums-Sha1: 8517a75cbc866a227b61e5b37515453f224a056b 2377 krb5_1.7dfsg~beta3-1ubuntu0.9.dsc e229a0b7f7b1d9f0625ef9739829969de0c33386 117634 krb5_1.7dfsg~beta3-1ubuntu0.9.diff.gz Checksums-Sha256: 63bd2b752c718c927b3fe38b22fcd77980558a3c9d3f55914dd020a3fc545b0a 2377 krb5_1.7dfsg~beta3-1ubuntu0.9.dsc c9f8d060ae154edcc15b8004542a03d2b280f5bb8587fe63f4b33bca43f67be1 117634 krb5_1.7dfsg~beta3-1ubuntu0.9.diff.gz Files: 13274f24a595dc2532947c327cb781d4 2377 net standard krb5_1.7dfsg~beta3-1ubuntu0.9.dsc cdce81ddadb93467f88fc08a4259264f 117634 net standard krb5_1.7dfsg~beta3-1ubuntu0.9.diff.gz Original-Maintainer: Sam Hartman From archive at ubuntu.com Tue Feb 15 21:04:39 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 15 Feb 2011 21:04:39 -0000 Subject: [ubuntu/karmic-security] shadow_4.1.4.1-1ubuntu2.2_amd64_translations.tar.gz, shadow_4.1.4.1-1ubuntu2.2_armel_translations.tar.gz, shadow_4.1.4.1-1ubuntu2.2_sparc_translations.tar.gz (delayed), shadow_4.1.4.1-1ubuntu2.2_i386_translations.tar.gz, shadow_4.1.4.1-1ubuntu2.2_powerpc_translations.tar.gz, shadow_4.1.4.1-1ubuntu2.2_lpia_translations.tar.gz, shadow, shadow_4.1.4.1-1ubuntu2.2_ia64_translations.tar.gz 1:4.1.4.1-1ubuntu2.2 (Accepted) Message-ID: <20110215210439.12523.31695.launchpad@cocoplum.canonical.com> shadow (1:4.1.4.1-1ubuntu2.2) karmic-security; urgency=low * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd. - debian/patches/900_locale_env_sanity: actually set locale environment variables correctly. - debian/patches/901_reject_newline: reject newlines in GECOS updates. - CVE-2011-0721 Date: Mon, 14 Feb 2011 13:43:17 -0800 Changed-By: Kees Cook Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/shadow/1:4.1.4.1-1ubuntu2.2 -------------- next part -------------- Format: 1.8 Date: Mon, 14 Feb 2011 13:43:17 -0800 Source: shadow Binary: passwd login Architecture: source Version: 1:4.1.4.1-1ubuntu2.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Kees Cook Description: login - system login tools passwd - change and administer password and group data Changes: shadow (1:4.1.4.1-1ubuntu2.2) karmic-security; urgency=low . * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd. - debian/patches/900_locale_env_sanity: actually set locale environment variables correctly. - debian/patches/901_reject_newline: reject newlines in GECOS updates. - CVE-2011-0721 Checksums-Sha1: d522c30d882225379da615db5080f61edf7b8798 2349 shadow_4.1.4.1-1ubuntu2.2.dsc 85d3426aeea0814e8650199a9c3d43c9429972ad 80909 shadow_4.1.4.1-1ubuntu2.2.diff.gz Checksums-Sha256: 0b65e4918cbda92e7bbee3ba374800449c08f426923568a0a2365c6ee3ff10f0 2349 shadow_4.1.4.1-1ubuntu2.2.dsc 4ea34e61a1068a89c34c3ea0e1d48bdb2d034f65fc7749e702b07a641cddb5bd 80909 shadow_4.1.4.1-1ubuntu2.2.diff.gz Files: aafbd5790c84b6d4c4ca8e26d5c22198 2349 admin required shadow_4.1.4.1-1ubuntu2.2.dsc 51c66e9b503868bdedd54efe4928cfa3 80909 admin required shadow_4.1.4.1-1ubuntu2.2.diff.gz Original-Maintainer: Shadow package maintainers From archive at ubuntu.com Thu Feb 17 17:05:14 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 17 Feb 2011 17:05:14 -0000 Subject: [ubuntu/karmic-security] python-django_1.1.1-1ubuntu1.2_i386_translations.tar.gz (delayed), python-django 1.1.1-1ubuntu1.2 (Accepted) Message-ID: <20110217170514.17889.25197.launchpad@cocoplum.canonical.com> python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low * SECURITY UPDATE: flaw in CSRF handling (LP: #719031) - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all requests, regardless of apparent AJAX origin. This is technically backwards-incompatible, but the security risks have been judged to outweigh the compatibility concerns in this case. See the Django project notes for more information: http://www.djangoproject.com/weblog/2011/feb/08/security/ - CVE-2011-0696 * SECURITY UPDATE: potential XSS in file field rendering - debian/patches/25_CVE-2011-0697.diff: properly escape URL in django/contrib/admin/widgets.py - CVE-2011-0697 Date: Tue, 15 Feb 2011 17:18:54 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/python-django/1.1.1-1ubuntu1.2 -------------- next part -------------- Format: 1.8 Date: Tue, 15 Feb 2011 17:18:54 -0600 Source: python-django Binary: python-django python-django-doc Architecture: source Version: 1.1.1-1ubuntu1.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Jamie Strandboge Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Changes: python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low . * SECURITY UPDATE: flaw in CSRF handling (LP: #719031) - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all requests, regardless of apparent AJAX origin. This is technically backwards-incompatible, but the security risks have been judged to outweigh the compatibility concerns in this case. See the Django project notes for more information: http://www.djangoproject.com/weblog/2011/feb/08/security/ - CVE-2011-0696 * SECURITY UPDATE: potential XSS in file field rendering - debian/patches/25_CVE-2011-0697.diff: properly escape URL in django/contrib/admin/widgets.py - CVE-2011-0697 Checksums-Sha1: bf8679cabea2782af7b8186c6c1cd1a2bd53019e 2215 python-django_1.1.1-1ubuntu1.2.dsc 728bd1a63f3551bf0cfb5a91c69038a3e33dae5c 23178 python-django_1.1.1-1ubuntu1.2.diff.gz Checksums-Sha256: 3eac717503981b4dc9f5def5271a20d3bb3b5474ddc7610d9a9f86a408d17e9e 2215 python-django_1.1.1-1ubuntu1.2.dsc 3f571d203c827937fac53dbd3c3394fc8674218071ca9810f5c27c17e63718e1 23178 python-django_1.1.1-1ubuntu1.2.diff.gz Files: 9665d3d7efb78757cc7debdd8de52dee 2215 python optional python-django_1.1.1-1ubuntu1.2.dsc 9ee3275d17444e0fe9f29b558a50d656 23178 python optional python-django_1.1.1-1ubuntu1.2.diff.gz Launchpad-Bugs-Fixed: 719031 Original-Maintainer: Chris Lamb From archive at ubuntu.com Thu Feb 17 18:04:02 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Thu, 17 Feb 2011 18:04:02 -0000 Subject: [ubuntu/karmic-security] telepathy-gabble, telepathy-gabble (delayed) 0.8.7-1ubuntu1.1 (Accepted) Message-ID: <20110217180402.5593.6513.launchpad@cocoplum.canonical.com> telepathy-gabble (0.8.7-1ubuntu1.1) karmic-security; urgency=low * SECURITY UPDATE: don't process google:jingleinfo updates from contacts - debian/patches/security-ignore-google-jingleinfo-from-contacts.patch: don't accept jingleinfo except from self or server - CVE-2011-XXXX Date: Tue, 15 Feb 2011 12:54:48 -0600 Changed-By: Jamie Strandboge Maintainer: Ubuntu Desktop Team https://launchpad.net/ubuntu/karmic/+source/telepathy-gabble/0.8.7-1ubuntu1.1 -------------- next part -------------- Format: 1.8 Date: Tue, 15 Feb 2011 12:54:48 -0600 Source: telepathy-gabble Binary: telepathy-gabble telepathy-gabble-dbg Architecture: source Version: 0.8.7-1ubuntu1.1 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Desktop Team Changed-By: Jamie Strandboge Description: telepathy-gabble - Jabber/XMPP connection manager telepathy-gabble-dbg - Jabber/XMPP connection manager (debug symbols) Changes: telepathy-gabble (0.8.7-1ubuntu1.1) karmic-security; urgency=low . * SECURITY UPDATE: don't process google:jingleinfo updates from contacts - debian/patches/security-ignore-google-jingleinfo-from-contacts.patch: don't accept jingleinfo except from self or server - CVE-2011-XXXX Checksums-Sha1: 144ef8200cc53e9c42bc2ddf5c7408403e11691c 2553 telepathy-gabble_0.8.7-1ubuntu1.1.dsc c906cf5aa2f6eb4a8e5b9ccb0285c94aca992cb6 13990 telepathy-gabble_0.8.7-1ubuntu1.1.diff.gz Checksums-Sha256: 97dc33e5c10cc987f4fb6da337c9a05e616de6dc7ef134b347c4eab6a0fb83d0 2553 telepathy-gabble_0.8.7-1ubuntu1.1.dsc 64f5803cfe943e70835b97a5770abbe8fb34847b8ddc531152e9ea05dbf10e47 13990 telepathy-gabble_0.8.7-1ubuntu1.1.diff.gz Files: 6eac46deafcf04a43accfc7fb1a07b3a 2553 net optional telepathy-gabble_0.8.7-1ubuntu1.1.dsc 351f08742f5f0ef7f90e8a750578e4e6 13990 net optional telepathy-gabble_0.8.7-1ubuntu1.1.diff.gz Original-Maintainer: Debian Telepathy maintainers From archive at ubuntu.com Sat Feb 19 01:26:59 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Sat, 19 Feb 2011 01:26:59 -0000 Subject: [ubuntu/karmic-security] spamass-milter, spamass-milter (delayed) 0.3.1-8+lenny2build0.9.10.1 (Accepted) Message-ID: <20110219012659.26797.91099.launchpad@cocoplum.canonical.com> spamass-milter (0.3.1-8+lenny2build0.9.10.1) karmic-security; urgency=low * fake sync from Debian spamass-milter (0.3.1-8+lenny2) stable-security; urgency=low * Fix zombies which were happening with previous patch to fix -x due to lack of a proper call to waitpid(). (closes: #575019) Date: Fri, 18 Feb 2011 12:55:15 -0600 Changed-By: Jamie Strandboge Maintainer: Don Armstrong https://launchpad.net/ubuntu/karmic/+source/spamass-milter/0.3.1-8+lenny2build0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 18 Feb 2011 12:55:15 -0600 Source: spamass-milter Binary: spamass-milter Architecture: source Version: 0.3.1-8+lenny2build0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Don Armstrong Changed-By: Jamie Strandboge Description: spamass-milter - milter for filtering mail through spamassassin Closes: 575019 Changes: spamass-milter (0.3.1-8+lenny2build0.9.10.1) karmic-security; urgency=low . * fake sync from Debian . spamass-milter (0.3.1-8+lenny2) stable-security; urgency=low . * Fix zombies which were happening with previous patch to fix -x due to lack of a proper call to waitpid(). (closes: #575019) Checksums-Sha1: 7621dc81d8788b07849a518e9ea4b85d4a0cb76b 1745 spamass-milter_0.3.1-8+lenny2build0.9.10.1.dsc daf30d9b68d8a2a8ce51da0f8023b7bff217aed1 35579 spamass-milter_0.3.1-8+lenny2build0.9.10.1.diff.gz Checksums-Sha256: 9dd21c76873a16338f78368360910585beac3cb35c5f8244352dbb629ae9ed47 1745 spamass-milter_0.3.1-8+lenny2build0.9.10.1.dsc 7807c66c247445b1cf655001aeb9eab987c049b8a3b28a4921f6c4162f69b5a6 35579 spamass-milter_0.3.1-8+lenny2build0.9.10.1.diff.gz Files: ad22970c092d570b711f997a502c5e82 1745 mail extra spamass-milter_0.3.1-8+lenny2build0.9.10.1.dsc b1dc5a7f62b3a42eaee3bb19f7a30bd6 35579 mail extra spamass-milter_0.3.1-8+lenny2build0.9.10.1.diff.gz From archive at ubuntu.com Sat Feb 19 01:27:03 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Sat, 19 Feb 2011 01:27:03 -0000 Subject: [ubuntu/karmic-security] cgiirc, cgiirc (delayed) 0.5.9-3squeeze1build0.9.10.1 (Accepted) Message-ID: <20110219012703.26797.8190.launchpad@cocoplum.canonical.com> cgiirc (0.5.9-3squeeze1build0.9.10.1) karmic-security; urgency=low * fake sync from Debian cgiirc (0.5.9-3squeeze1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Fixed XSS flaw in handling clients who have Javascript disabled. [CVE-2011-0050] Date: Fri, 18 Feb 2011 12:42:35 -0600 Changed-By: Jamie Strandboge Maintainer: Damián Viano https://launchpad.net/ubuntu/karmic/+source/cgiirc/0.5.9-3squeeze1build0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Fri, 18 Feb 2011 12:42:35 -0600 Source: cgiirc Binary: cgiirc Architecture: source Version: 0.5.9-3squeeze1build0.9.10.1 Distribution: karmic-security Urgency: high Maintainer: Damián Viano Changed-By: Jamie Strandboge Description: cgiirc - web based irc client Changes: cgiirc (0.5.9-3squeeze1build0.9.10.1) karmic-security; urgency=low . * fake sync from Debian . cgiirc (0.5.9-3squeeze1) stable-security; urgency=high . * Non-maintainer upload by The Security Team. * Fixed XSS flaw in handling clients who have Javascript disabled. [CVE-2011-0050] Checksums-Sha1: 27052d9a5e44ce7a6b24de0eb62527243bf2ac0c 1667 cgiirc_0.5.9-3squeeze1build0.9.10.1.dsc cd4746df11e4e6c2cf9b1513a6f7550010811ab1 6404 cgiirc_0.5.9-3squeeze1build0.9.10.1.diff.gz Checksums-Sha256: 0fdc200a69665cffc3652dbc8a951a70158b0284dbbe306cea83374eba78bca1 1667 cgiirc_0.5.9-3squeeze1build0.9.10.1.dsc a1d7e319b68145728cbe78623d54352efe3b0f83d65a19d4031e45bfd7d785e0 6404 cgiirc_0.5.9-3squeeze1build0.9.10.1.diff.gz Files: 478dc4c95e2bc96e775d4453df75c51c 1667 net extra cgiirc_0.5.9-3squeeze1build0.9.10.1.dsc 8b9fbf620da5748493fca57405f97c65 6404 net extra cgiirc_0.5.9-3squeeze1build0.9.10.1.diff.gz From archive at ubuntu.com Tue Feb 22 20:05:51 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Tue, 22 Feb 2011 20:05:51 -0000 Subject: [ubuntu/karmic-security] mailman_2.1.12-2ubuntu0.2_armel_translations.tar.gz, mailman_2.1.12-2ubuntu0.2_lpia_translations.tar.gz, mailman, mailman_2.1.12-2ubuntu0.2_amd64_translations.tar.gz, mailman_2.1.12-2ubuntu0.2_i386_translations.tar.gz, mailman_2.1.12-2ubuntu0.2_sparc_translations.tar.gz (delayed), mailman_2.1.12-2ubuntu0.2_ia64_translations.tar.gz, mailman_2.1.12-2ubuntu0.2_powerpc_translations.tar.gz 1:2.1.12-2ubuntu0.2 (Accepted) Message-ID: <20110222200551.31676.95869.launchpad@cocoplum.canonical.com> mailman (1:2.1.12-2ubuntu0.2) karmic-security; urgency=low * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py - debian/patches/80_CVE-2011-0707.patch: properly clean strings in Mailman/Cgi/confirm.py. - CVE-2011-0707 * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list information and description fields - debian/patches/81_CVE-2010-3089.patch: properly clean strings in Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py. - CVE-2010-3089 Date: Thu, 17 Feb 2011 10:05:20 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/mailman/1:2.1.12-2ubuntu0.2 -------------- next part -------------- Format: 1.8 Date: Thu, 17 Feb 2011 10:05:20 -0500 Source: mailman Binary: mailman Architecture: source Version: 1:2.1.12-2ubuntu0.2 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: mailman - Powerful, web-based mailing list manager Changes: mailman (1:2.1.12-2ubuntu0.2) karmic-security; urgency=low . * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py - debian/patches/80_CVE-2011-0707.patch: properly clean strings in Mailman/Cgi/confirm.py. - CVE-2011-0707 * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list information and description fields - debian/patches/81_CVE-2010-3089.patch: properly clean strings in Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py. - CVE-2010-3089 Checksums-Sha1: d28d57c0a4757a6dcf7a7400fc51076e94e28be7 2078 mailman_2.1.12-2ubuntu0.2.dsc 32596249116d2aaee8d7dc2f8dc20e6a41ebe04d 129415 mailman_2.1.12-2ubuntu0.2.diff.gz Checksums-Sha256: f6cd860dbe6257a6473ff2040dd8a0fe3e485ab9435e1c7073674e804a9ff81e 2078 mailman_2.1.12-2ubuntu0.2.dsc 673c886b0b8c7c9f3b46b2b6cd5878521d513a575200ea8532d27dec26e6ce93 129415 mailman_2.1.12-2ubuntu0.2.diff.gz Files: 5fd10464412a48d0875610cd9e0c2a19 2078 mail optional mailman_2.1.12-2ubuntu0.2.dsc ee767ed05a51dc926f2402f9c5592cea 129415 mail optional mailman_2.1.12-2ubuntu0.2.diff.gz Original-Maintainer: Mailman for Debian From archive at ubuntu.com Fri Feb 25 17:05:20 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Fri, 25 Feb 2011 17:05:20 -0000 Subject: [ubuntu/karmic-security] sun-java6_6.24-1build0.9.10.1_amd64_translations.tar.gz, sun-java6_6.24-1build0.9.10.1_lpia_translations.tar.gz (delayed), sun-java6_6.24-1build0.9.10.1_i386_translations.tar.gz, sun-java6, sun-java6_6.24-1build0.9.10.1_ia64_translations.tar.gz 6.24-1build0.9.10.1 (Accepted) Message-ID: <20110225170520.17737.89379.launchpad@cocoplum.canonical.com> sun-java6 (6.24-1build0.9.10.1) karmic-security; urgency=low * Fake sync from Debian (LP: #716689) * Removed debian/source dir reverting back to 1.0 packaging format as 3.0 (quilt) isn't available prior to Lucid Date: Mon, 21 Feb 2011 15:42:33 -0500 Changed-By: Brian Thomason Maintainer: Debian Java Maintainers https://launchpad.net/ubuntu/karmic/+source/sun-java6/6.24-1build0.9.10.1 -------------- next part -------------- Format: 1.8 Date: Mon, 21 Feb 2011 15:42:33 -0500 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source Version: 6.24-1build0.9.10.1 Distribution: karmic-security Urgency: low Maintainer: Debian Java Maintainers Changed-By: Brian Thomason Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Launchpad-Bugs-Fixed: 716689 Changes: sun-java6 (6.24-1build0.9.10.1) karmic-security; urgency=low . * Fake sync from Debian (LP: #716689) * Removed debian/source dir reverting back to 1.0 packaging format as 3.0 (quilt) isn't available prior to Lucid Checksums-Sha1: b9be8a3c122fb98bddef872633b73021950718af 2324 sun-java6_6.24-1build0.9.10.1.dsc 16d7f677c52444ec10801950d696b929de264184 87361 sun-java6_6.24-1build0.9.10.1.diff.gz Checksums-Sha256: 0e57e47312f77e4ef35d6d65bf1775970388fccb22084826c6aea29cd6b39f24 2324 sun-java6_6.24-1build0.9.10.1.dsc f17a8323758148652a6da3c0e6d6590e13f3223b06b179a910e7da35309d75e3 87361 sun-java6_6.24-1build0.9.10.1.diff.gz Files: fc248c11b7b12a7f9770c0b490042a7d 2324 non-free/java optional sun-java6_6.24-1build0.9.10.1.dsc 98eb90ddc3b0ef8c0e7f640a0075bb42 87361 non-free/java optional sun-java6_6.24-1build0.9.10.1.diff.gz From archive at ubuntu.com Mon Feb 28 18:07:10 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 28 Feb 2011 18:07:10 -0000 Subject: [ubuntu/karmic-security] fuse, fuse (delayed) 2.7.4-1.1ubuntu4.5 (Accepted) Message-ID: <20110228180710.4491.21932.launchpad@cocoplum.canonical.com> fuse (2.7.4-1.1ubuntu4.5) karmic-security; urgency=low * SECURITY UPDATE: arbitrary unprivileged unmount - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when unmounting in case of a failed mtab update in util/fusermount.c. - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing mount/umount in util/fusermount.c. - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux support so symlinks don't get followed upon fallback in lib/mount_util.c, util/fusermount.c. - CVE-2011-0541 - CVE-2011-0542 - CVE-2011-0543 Date: Fri, 11 Feb 2011 15:03:12 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/fuse/2.7.4-1.1ubuntu4.5 -------------- next part -------------- Format: 1.8 Date: Fri, 11 Feb 2011 15:03:12 -0500 Source: fuse Binary: fuse-utils libfuse-dev libfuse2 fuse-utils-udeb libfuse2-udeb Architecture: source Version: 2.7.4-1.1ubuntu4.5 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: fuse-utils - Filesystem in USErspace (utilities) fuse-utils-udeb - Filesystem in USErspace (utilities) (udeb) libfuse-dev - Filesystem in USErspace (development files) libfuse2 - Filesystem in USErspace library libfuse2-udeb - Filesystem in USErspace library (udeb) Changes: fuse (2.7.4-1.1ubuntu4.5) karmic-security; urgency=low . * SECURITY UPDATE: arbitrary unprivileged unmount - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when unmounting in case of a failed mtab update in util/fusermount.c. - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing mount/umount in util/fusermount.c. - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux support so symlinks don't get followed upon fallback in lib/mount_util.c, util/fusermount.c. - CVE-2011-0541 - CVE-2011-0542 - CVE-2011-0543 Checksums-Sha1: 6683de9de3731f7b3633d6dc71b2f5940091d453 1930 fuse_2.7.4-1.1ubuntu4.5.dsc 9016a947e0c161f24361d3dbb771e75334fd7063 24833 fuse_2.7.4-1.1ubuntu4.5.diff.gz Checksums-Sha256: 37fb9dcd67aad298c8772e60596a7d00a80683ed791bbe0cbbc7562842c5852e 1930 fuse_2.7.4-1.1ubuntu4.5.dsc 3430e8738ae18bbeed8a3fd66e25d3167ecf145a6d0319e03f7597ebd9e5322f 24833 fuse_2.7.4-1.1ubuntu4.5.diff.gz Files: 6a18591fb326138efd34c2593764af64 1930 libs optional fuse_2.7.4-1.1ubuntu4.5.dsc 9c049def4fb7fd4ce94dd7c8e0921ccb 24833 libs optional fuse_2.7.4-1.1ubuntu4.5.diff.gz Original-Maintainer: Bartosz Fenski From archive at ubuntu.com Mon Feb 28 18:07:30 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 28 Feb 2011 18:07:30 -0000 Subject: [ubuntu/karmic-security] clamav_0.95.3+dfsg-1ubuntu0.09.10.4_armel_translations.tar.gz, clamav_0.95.3+dfsg-1ubuntu0.09.10.4_i386_translations.tar.gz, clamav_0.95.3+dfsg-1ubuntu0.09.10.4_amd64_translations.tar.gz, clamav, clamav_0.95.3+dfsg-1ubuntu0.09.10.4_ia64_translations.tar.gz, clamav_0.95.3+dfsg-1ubuntu0.09.10.4_sparc_translations.tar.gz (delayed), clamav_0.95.3+dfsg-1ubuntu0.09.10.4_lpia_translations.tar.gz, clamav_0.95.3+dfsg-1ubuntu0.09.10.4_powerpc_translations.tar.gz 0.95.3+dfsg-1ubuntu0.09.10.4 (Accepted) Message-ID: <20110228180730.4491.93098.launchpad@cocoplum.canonical.com> clamav (0.95.3+dfsg-1ubuntu0.09.10.4) karmic-security; urgency=low * SECURITY UPDATE: denial of service via double free in vba processing - libclamav/vba_extract.c: set buf to NULL when it gets freed. - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f - CVE-2011-1003 Date: Wed, 23 Feb 2011 14:50:51 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/clamav/0.95.3+dfsg-1ubuntu0.09.10.4 -------------- next part -------------- Format: 1.8 Date: Wed, 23 Feb 2011 14:50:51 -0500 Source: clamav Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter Architecture: source Version: 0.95.3+dfsg-1ubuntu0.09.10.4 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: clamav - anti-virus utility for Unix - command-line interface clamav-base - anti-virus utility for Unix - base package clamav-daemon - anti-virus utility for Unix - scanner daemon clamav-dbg - debug symbols for ClamAV clamav-docs - anti-virus utility for Unix - documentation clamav-freshclam - anti-virus utility for Unix - virus database update utility clamav-milter - anti-virus utility for Unix - sendmail integration clamav-testfiles - anti-virus utility for Unix - test files libclamav-dev - anti-virus utility for Unix - development files libclamav6 - anti-virus utility for Unix - library Changes: clamav (0.95.3+dfsg-1ubuntu0.09.10.4) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via double free in vba processing - libclamav/vba_extract.c: set buf to NULL when it gets freed. - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f - CVE-2011-1003 Checksums-Sha1: 42be2284191cc448ba045229c25e55dbd1b3fd6c 2200 clamav_0.95.3+dfsg-1ubuntu0.09.10.4.dsc 8e11f4b7ea3eea062436e761f1a3ca24d8783828 266751 clamav_0.95.3+dfsg-1ubuntu0.09.10.4.diff.gz Checksums-Sha256: e146815c571c4a5f3435f021ec2de0479e356cd970fad9df2bf1ef79f1051687 2200 clamav_0.95.3+dfsg-1ubuntu0.09.10.4.dsc 0933bfc7e9a05b44f25d8f5ab84b15780a16767d45d7d2c33da06428a5c692c8 266751 clamav_0.95.3+dfsg-1ubuntu0.09.10.4.diff.gz Files: 11176ce261f337f98615e64abf25069d 2200 utils optional clamav_0.95.3+dfsg-1ubuntu0.09.10.4.dsc b92bfa373bb70a45a6a6b9da28ed6f3f 266751 utils optional clamav_0.95.3+dfsg-1ubuntu0.09.10.4.diff.gz Original-Maintainer: ClamAV Team From archive at ubuntu.com Mon Feb 28 18:08:01 2011 From: archive at ubuntu.com (Ubuntu Installer) Date: Mon, 28 Feb 2011 18:08:01 -0000 Subject: [ubuntu/karmic-security] samba, samba_3.4.0-3ubuntu5.8_amd64_translations.tar.gz, samba_3.4.0-3ubuntu5.8_lpia_translations.tar.gz, samba_3.4.0-3ubuntu5.8_ia64_translations.tar.gz, samba_3.4.0-3ubuntu5.8_sparc_translations.tar.gz (delayed), samba_3.4.0-3ubuntu5.8_i386_translations.tar.gz, samba_3.4.0-3ubuntu5.8_powerpc_translations.tar.gz, samba_3.4.0-3ubuntu5.8_armel_translations.tar.gz 2:3.4.0-3ubuntu5.8 (Accepted) Message-ID: <20110228180801.4491.63576.launchpad@cocoplum.canonical.com> samba (2:3.4.0-3ubuntu5.8) karmic-security; urgency=low * SECURITY UPDATE: denial of service via missing range checks on file descriptors - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous file descriptors. - CVE-2011-0719 Date: Wed, 23 Feb 2011 16:21:11 -0500 Changed-By: Marc Deslauriers Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/karmic/+source/samba/2:3.4.0-3ubuntu5.8 -------------- next part -------------- Format: 1.8 Date: Wed, 23 Feb 2011 16:21:11 -0500 Source: samba Binary: samba samba-common-bin samba-common samba-tools smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg libwbclient0 Architecture: source Version: 2:3.4.0-3ubuntu5.8 Distribution: karmic-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Description: libpam-smbpass - pluggable authentication module for Samba libsmbclient - shared library for communication with SMB/CIFS servers libsmbclient-dev - development files for libsmbclient libwbclient0 - Samba winbind client library samba - SMB/CIFS file, print, and login server for Unix samba-common - common files used by both the Samba server and client samba-common-bin - common files used by both the Samba server and client samba-dbg - Samba debugging symbols samba-doc - Samba documentation samba-doc-pdf - Samba documentation in PDF format samba-tools - Samba testing utilities smbclient - command-line SMB/CIFS clients for Unix smbfs - Samba file system utilities swat - Samba Web Administration Tool winbind - Samba nameservice integration server Changes: samba (2:3.4.0-3ubuntu5.8) karmic-security; urgency=low . * SECURITY UPDATE: denial of service via missing range checks on file descriptors - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous file descriptors. - CVE-2011-0719 Checksums-Sha1: 476a59d0e1eb1d337989b8dba31150b5ad4cce6a 2834 samba_3.4.0-3ubuntu5.8.dsc 649a923fe8b5d70026a5b6d9c633c022382e0a43 507952 samba_3.4.0-3ubuntu5.8.diff.gz Checksums-Sha256: d8d3ae9af4cd2f0cf9d62989710932f245003ee5b77b48b008713408e3003e4b 2834 samba_3.4.0-3ubuntu5.8.dsc bbaa5e33980b08a906eeb0508cea2a295fca1b36b6fe5077f6251bbdb9a8c091 507952 samba_3.4.0-3ubuntu5.8.diff.gz Files: eaad6dcd96b8c36148b069d5525934c7 2834 net optional samba_3.4.0-3ubuntu5.8.dsc 6a85470c2e4657e56bbf9223d561fea2 507952 net optional samba_3.4.0-3ubuntu5.8.diff.gz Original-Maintainer: Debian Samba Maintainers From brian.thomason at canonical.com Mon Feb 28 22:31:28 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Mon, 28 Feb 2011 22:31:28 -0000 Subject: [ubuntu/karmic] acroread 9.4.2-0karmic1 (Accepted) Message-ID: <20110228223128.2531.88512.launchpad@cocoplum.canonical.com> acroread (9.4.2-0karmic1) karmic; urgency=low * Initial release of 9.4.2 for Karmic Date: Mon, 28 Feb 2011 14:32:27 -0500 Changed-By: Brian Thomason https://launchpad.net/ubuntu/karmic/+source/acroread/9.4.2-0karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 28 Feb 2011 14:32:27 -0500 Source: acroread Binary: acroread Architecture: source Version: 9.4.2-0karmic1 Distribution: karmic Urgency: low Maintainer: Brian Thomason Changed-By: Brian Thomason Description: acroread - Adobe Reader Changes: acroread (9.4.2-0karmic1) karmic; urgency=low . * Initial release of 9.4.2 for Karmic Checksums-Sha1: 962d83078600475bc1548d708801ef94923f8625 1203 acroread_9.4.2-0karmic1.dsc 8c7068a0255bdd57cfda027ab7bf467228d657e0 5963 acroread_9.4.2-0karmic1.diff.gz Checksums-Sha256: 16dae62cd55e368178daf44b56ed523f6b8a143a33548d95b9f9ddf782f72a0b 1203 acroread_9.4.2-0karmic1.dsc f49c23c02a7b1379c6ca397a9705de683f1f637808bebc01d92a1ab6d1a09a53 5963 acroread_9.4.2-0karmic1.diff.gz Files: e153a2e6ee1ad082e57857cf4de84aaf 1203 partner/text extra acroread_9.4.2-0karmic1.dsc 7b0a76744c4393d4280cf2cf9d86a442 5963 partner/text extra acroread_9.4.2-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1r+GQACgkQOb4zNfJqN5c44wCdHmiIrPw5+IkxqF9r7hUlpe7w +LYAnjw+k9GpHL13MpyS7opxBtAbR8sn =PWXD -----END PGP SIGNATURE----- From brian.thomason at canonical.com Mon Feb 28 23:00:33 2011 From: brian.thomason at canonical.com (Brian Thomason) Date: Mon, 28 Feb 2011 23:00:33 -0000 Subject: [ubuntu/karmic] adobereader-deu 9.4.2-0karmic1 (Accepted) Message-ID: <20110228230033.14334.50808.launchpad@cocoplum.canonical.com> adobereader-deu (9.4.2-0karmic1) karmic; urgency=low * New upstream release Date: Mon, 28 Feb 2011 15:22:08 -0500 Changed-By: Brian Thomason https://launchpad.net/ubuntu/karmic/+source/adobereader-deu/9.4.2-0karmic1 -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 28 Feb 2011 15:22:08 -0500 Source: adobereader-deu Binary: adobereader-deu Architecture: source Version: 9.4.2-0karmic1 Distribution: karmic Urgency: low Maintainer: Brian Thomason Changed-By: Brian Thomason Description: adobereader-deu - Adobe Reader Changes: adobereader-deu (9.4.2-0karmic1) karmic; urgency=low . * New upstream release Checksums-Sha1: 3b77a0d21394a4f915b5bb322ecf921d5323a469 1259 adobereader-deu_9.4.2-0karmic1.dsc afbde2c924e3c48ce4767ad857eff22faed7beef 68871089 adobereader-deu_9.4.2.orig.tar.gz 61e892cf9e4ee96f00e4670d2d516878a8db266b 5058 adobereader-deu_9.4.2-0karmic1.diff.gz Checksums-Sha256: 1030b38fed6422fb00c2d90e73a2bb34c77d08a2c568c29b4c8008b36732caab 1259 adobereader-deu_9.4.2-0karmic1.dsc 069ed1de06d49c0bb6a1415dfc7ecbfa78f130390f483d2d076b338e0916f339 68871089 adobereader-deu_9.4.2.orig.tar.gz 75437d05dd42c0830e5c208fa8d7ff18bbda3f9d5b58df00c2aa4e46e091685b 5058 adobereader-deu_9.4.2-0karmic1.diff.gz Files: 91d6ff86feb933666d3265698e90a4b5 1259 partner/text extra adobereader-deu_9.4.2-0karmic1.dsc c7676a94e00024fe25a456530839f955 68871089 partner/text extra adobereader-deu_9.4.2.orig.tar.gz 017e37d7bb7632cb6b334bc21d47feec 5058 partner/text extra adobereader-deu_9.4.2-0karmic1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1sBCcACgkQOb4zNfJqN5c1vQCeIR4M6h35eaTUietow/Wig9Xi z2IAn2YBRkdR5zfzsA0+ADfLmx+rtVWi =vnyr -----END PGP SIGNATURE-----